Description

When securing a SOAP message with a secure timestamp element, Wss4jSecurityInterceptor does not take into account the timeToLive property specified in the configuration, always defaulting to a timeToLive value of 5 minutes (300 sec), i.e. the difference between the Created and Expires element values:

// set timeToLive from property
requestData.setTimeToLive(timeToLive);
// reads securementUsername first from the context then from the
// property
String contextUsername = (String) messageContext.getProperty(SECUREMENT_USER_PROPERTY_NAME);
if (StringUtils.hasLength(contextUsername))
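
One way to check for the symptom described above is to measure the lifetime of the emitted wsu:Timestamp and compare it with the configured timeToLive. This is an added example, not code from Spring-WS or from the reporter; the class name `TimestampTtlCheck`, the configured value of 60 seconds and the sample message are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class TimestampTtlCheck {
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Returns Expires minus Created for the first wsu:Timestamp in the message.
    static Duration lifetime(String soapXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The message is untrusted input: reject DOCTYPE declarations (XXE hardening).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList ts = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(WSU, "Timestamp");
        if (ts.getLength() == 0) throw new IllegalArgumentException("no wsu:Timestamp");
        Element t = (Element) ts.item(0);
        return Duration.between(instant(t, "Created"), instant(t, "Expires"));
    }

    static Instant instant(Element timestamp, String name) {
        NodeList n = timestamp.getElementsByTagNameNS(WSU, name);
        if (n.getLength() == 0) throw new IllegalArgumentException("missing wsu:" + name);
        return Instant.parse(n.item(0).getTextContent().trim());
    }

    public static void main(String[] args) throws Exception {
        long configuredTtl = 60; // assumed timeToLive set on the interceptor, in seconds
        // Constructed sample of a secured message showing the reported 300 s lifetime.
        String msg =
            "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>"
          + "<soapenv:Header><wsse:Security xmlns:wsu='" + WSU + "' xmlns:wsse="
          + "'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>"
          + "<wsu:Timestamp wsu:Id='TS-1'>"
          + "<wsu:Created>2024-01-01T10:00:00.000Z</wsu:Created>"
          + "<wsu:Expires>2024-01-01T10:05:00.000Z</wsu:Expires>"
          + "</wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body/>"
          + "</soapenv:Envelope>";
        long actual = lifetime(msg).getSeconds();
        System.out.println("configured=" + configuredTtl + "s actual=" + actual + "s"
            + (actual == configuredTtl ? " OK" : " MISMATCH: timeToLive not applied"));
    }
}
```

The same `lifetime` method can be pointed at a message captured from the interceptor's output to confirm whether the configured value reaches the Timestamp element.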